jro_apps/redmine Commit - r3081:06ca18b04225

Adds a 'no_permission_check' option to the MailHandler....

Jean-Philippe Lang -

r3081:06ca18b04225

parent child

Context file:

r3081:06ca18b04225

Collapse all files

app/models/mail_handler.rb +17 -5

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class MailHandler < ActionMailer::Base
               include ActionView::Helpers::SanitizeHelper
               class UnauthorizedAction < StandardError; end
               class MissingInformation < StandardError; end
               attr_reader :email, :user
               def self.receive(email, options={})
                 @@handler_options = options.dup
                 @@handler_options[:issue] ||= {}
                 @@handler_options[:allow_override] = @@handler_options[:allow_override].split(',').collect(&:strip) if @@handler_options[:allow_override].is_a?(String)
                 @@handler_options[:allow_override] ||= []
                 # Project needs to be overridable if not specified
                 @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
                 # Status overridable by default
                 @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)
+                @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
                 super email
               end
               # Processes incoming emails
               # Returns the created object (eg. an issue, a message) or false
               def receive(email)
                 @email = email
                 sender_email = email.from.to_a.first.to_s.strip
                 # Ignore emails received from the application emission address to avoid hell cycles
                 if sender_email.downcase == Setting.mail_from.to_s.strip.downcase
                   logger.info  "MailHandler: ignoring email from Redmine emission address [#{sender_email}]" if logger && logger.info
                   return false
                 end
                 @user = User.find_by_mail(sender_email)
                 if @user && !@user.active?
                   logger.info  "MailHandler: ignoring email from non-active user [#{@user.login}]" if logger && logger.info
                   return false
                 end
                 if @user.nil?
                   # Email was submitted by an unknown user
                   case @@handler_options[:unknown_user]
                   when 'accept'
                     @user = User.anonymous
                   when 'create'
                     @user = MailHandler.create_user_from_email(email)
                     if @user
                       logger.info "MailHandler: [#{@user.login}] account created" if logger && logger.info
                       Mailer.deliver_account_information(@user, @user.password)
                     else
                       logger.error "MailHandler: could not create account for [#{sender_email}]" if logger && logger.error
                       return false
                     end
                   else
                     # Default behaviour, emails from unknown users are ignored
                     logger.info  "MailHandler: ignoring email from unknown user [#{sender_email}]" if logger && logger.info
                     return false
                   end
                 end
                 User.current = @user
                 dispatch
               end
               private
               MESSAGE_ID_RE = %r{^<redmine\.([a-z0-9_]+)\-(\d+)\.\d+@}
               ISSUE_REPLY_SUBJECT_RE = %r{\[[^\]]*#(\d+)\]}
               MESSAGE_REPLY_SUBJECT_RE = %r{\[[^\]]*msg(\d+)\]}
               def dispatch
                 headers = [email.in_reply_to, email.references].flatten.compact
                 if headers.detect {|h| h.to_s =~ MESSAGE_ID_RE}
                   klass, object_id = $1, $2.to_i
                   method_name = "receive_#{klass}_reply"
                   if self.class.private_instance_methods.collect(&:to_s).include?(method_name)
                     send method_name, object_id
                   else
                     # ignoring it
                   end
                 elsif m = email.subject.match(ISSUE_REPLY_SUBJECT_RE)
                   receive_issue_reply(m[1].to_i)
                 elsif m = email.subject.match(MESSAGE_REPLY_SUBJECT_RE)
                   receive_message_reply(m[1].to_i)
                 else
                   receive_issue
                 end
               rescue ActiveRecord::RecordInvalid => e
                 # TODO: send a email to the user
                 logger.error e.message if logger
                 false
               rescue MissingInformation => e
                 logger.error "MailHandler: missing information from #{user}: #{e.message}" if logger
                 false
               rescue UnauthorizedAction => e
                 logger.error "MailHandler: unauthorized attempt from #{user}" if logger
                 false
               end
               # Creates a new issue
               def receive_issue
                 project = target_project
                 tracker = (get_keyword(:tracker) && project.trackers.find_by_name(get_keyword(:tracker))) || project.trackers.find(:first)
                 category = (get_keyword(:category) && project.issue_categories.find_by_name(get_keyword(:category)))
                 priority = (get_keyword(:priority) && IssuePriority.find_by_name(get_keyword(:priority)))
                 status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
                 # check permission
-                raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+                unless @@handler_options[:no_permission_check]
+                  raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+                end
                 issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
                 # check workflow
                 if status && issue.new_statuses_allowed_to(user).include?(status)
                   issue.status = status
                 end
                 issue.subject = email.subject.chomp
                 issue.subject = issue.subject.toutf8 if issue.subject.respond_to?(:toutf8)
                 if issue.subject.blank?
                   issue.subject = '(no subject)'
                 end
                 issue.description = plain_text_body
                 # custom fields
                 issue.custom_field_values = issue.available_custom_fields.inject({}) do |h, c|
                   if value = get_keyword(c.name, :override => true)
                     h[c.id] = value
                   end
                   h
                 end
                 # add To and Cc as watchers before saving so the watchers can reply to Redmine
                 add_watchers(issue)
                 issue.save!
                 add_attachments(issue)
                 logger.info "MailHandler: issue ##{issue.id} created by #{user}" if logger && logger.info
                 issue
               end
               def target_project
                 # TODO: other ways to specify project:
                 # * parse the email To field
                 # * specific project (eg. Setting.mail_handler_target_project)
                 target = Project.find_by_identifier(get_keyword(:project))
                 raise MissingInformation.new('Unable to determine target project') if target.nil?
                 target
               end
               # Adds a note to an existing issue
               def receive_issue_reply(issue_id)
                 status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
                 issue = Issue.find_by_id(issue_id)
                 return unless issue
                 # check permission
-                raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
+                unless @@handler_options[:no_permission_check]
-                raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+                  raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
+                  raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+                end
                 # add the note
                 journal = issue.init_journal(user, plain_text_body)
                 add_attachments(issue)
                 # check workflow
                 if status && issue.new_statuses_allowed_to(user).include?(status)
                   issue.status = status
                 end
                 issue.save!
                 logger.info "MailHandler: issue ##{issue.id} updated by #{user}" if logger && logger.info
                 journal
               end
               # Reply will be added to the issue
               def receive_journal_reply(journal_id)
                 journal = Journal.find_by_id(journal_id)
                 if journal && journal.journalized_type == 'Issue'
                   receive_issue_reply(journal.journalized_id)
                 end
               end
               # Receives a reply to a forum message
               def receive_message_reply(message_id)
                 message = Message.find_by_id(message_id)
                 if message
                   message = message.root
-                  if user.allowed_to?(:add_messages, message.project) && !message.locked?
+                  unless @@handler_options[:no_permission_check]
+                    raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
+                  end
+                  if !message.locked?
                     reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
                                         :content => plain_text_body)
                     reply.author = user
                     reply.board = message.board
                     message.children << reply
                     add_attachments(reply)
                     reply
                   else
-                    raise UnauthorizedAction
+                    logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
                   end
                 end
               end
               def add_attachments(obj)
                 if email.has_attachments?
                   email.attachments.each do |attachment|
                     Attachment.create(:container => obj,
                                       :file => attachment,
                                       :author => user,
                                       :content_type => attachment.content_type)
                   end
                 end
               end
               # Adds To and Cc as watchers of the given object if the sender has the
               # appropriate permission
               def add_watchers(obj)
                 if user.allowed_to?("add_#{obj.class.name.underscore}_watchers".to_sym, obj.project)
                   addresses = [email.to, email.cc].flatten.compact.uniq.collect {|a| a.strip.downcase}
                   unless addresses.empty?
                     watchers = User.active.find(:all, :conditions => ['LOWER(mail) IN (?)', addresses])
                     watchers.each {|w| obj.add_watcher(w)}
                   end
                 end
               end
               def get_keyword(attr, options={})
                 @keywords ||= {}
                 if @keywords.has_key?(attr)
                   @keywords[attr]
                 else
                   @keywords[attr] = begin
                     if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr}[ \t]*:[ \t]*(.+)\s*$/i, '')
                       $1.strip
                     elsif !@@handler_options[:issue][attr].blank?
                       @@handler_options[:issue][attr]
                     end
                   end
                 end
               end
               # Returns the text/plain part of the email
               # If not found (eg. HTML-only email), returns the body with tags removed
               def plain_text_body
                 return @plain_text_body unless @plain_text_body.nil?
                 parts = @email.parts.collect {|c| (c.respond_to?(:parts) && !c.parts.empty?) ? c.parts : c}.flatten
                 if parts.empty?
                   parts << @email
                 end
                 plain_text_part = parts.detect {|p| p.content_type == 'text/plain'}
                 if plain_text_part.nil?
                   # no text/plain part found, assuming html-only email
                   # strip html tags and remove doctype directive
                   @plain_text_body = strip_tags(@email.body.to_s)
                   @plain_text_body.gsub! %r{^<!DOCTYPE .*$}, ''
                 else
                   @plain_text_body = plain_text_part.body.to_s
                 end
                 @plain_text_body.strip!
                 @plain_text_body
               end
               def self.full_sanitizer
                 @full_sanitizer ||= HTML::FullSanitizer.new
               end
               # Creates a user account for the +email+ sender
               def self.create_user_from_email(email)
                 addr = email.from_addrs.to_a.first
                 if addr && !addr.spec.blank?
                   user = User.new
                   user.mail = addr.spec
                   names = addr.name.blank? ? addr.spec.gsub(/@.*$/, '').split('.') : addr.name.split
                   user.firstname = names.shift
                   user.lastname = names.join(' ')
                   user.lastname = '-' if user.lastname.blank?
                   user.login = user.mail
                   user.password = ActiveSupport::SecureRandom.hex(5)
                   user.language = Setting.default_language
                   user.save ? user : nil
                 end
               end
             end

extra/mail_handler/rdm-mailhandler.rb +9 -3

             #!/usr/bin/env ruby
             # == Synopsis
             #
             # Reads an email from standard input and forward it to a Redmine server
             # through a HTTP request.
             #
             # == Usage
             #
             #    rdm-mailhandler [options] --url=<Redmine URL> --key=<API key>
             #
             # == Arguments
             #
             #   -u, --url                      URL of the Redmine server
             #   -k, --key                      Redmine API key
             #
             # General options:
             #       --unknown-user=ACTION      how to handle emails from an unknown user
             #                                  ACTION can be one of the following values:
             #                                  ignore: email is ignored (default)
             #                                  accept: accept as anonymous user
             #                                  create: create a user account
+            #       --no-permission-check      disable permission checking when receiving
+            #                                  the email
             #   -h, --help                     show this help
             #   -v, --verbose                  show extra information
             #   -V, --version                  show version information and exit
             #
             # Issue attributes control options:
             #   -p, --project=PROJECT          identifier of the target project
             #   -s, --status=STATUS            name of the target status
             #   -t, --tracker=TRACKER          name of the target tracker
             #       --category=CATEGORY        name of the target category
             #       --priority=PRIORITY        name of the target priority
             #   -o, --allow-override=ATTRS     allow email content to override attributes
             #                                  specified by previous options
             #                                  ATTRS is a comma separated list of attributes
             #
             # == Examples
             # No project specified. Emails MUST contain the 'Project' keyword:
             #
             #   rdm-mailhandler --url http://redmine.domain.foo --key secret
             #
             # Fixed project and default tracker specified, but emails can override
             # both tracker and priority attributes using keywords:
             #
             #   rdm-mailhandler --url https://domain.foo/redmine --key secret \\
             #                   --project foo \\
             #                   --tracker bug \\
             #                   --allow-override tracker,priority
             require 'net/http'
             require 'net/https'
             require 'uri'
             require 'getoptlong'
             require 'rdoc/usage'
             module Net
               class HTTPS < HTTP
                 def self.post_form(url, params)
                   request = Post.new(url.path)
                   request.form_data = params
                   request.basic_auth url.user, url.password if url.user
                   http = new(url.host, url.port)
                   http.use_ssl = (url.scheme == 'https')
                   http.start {|h| h.request(request) }
                 end
               end
             end
             class RedmineMailHandler
               VERSION = '0.1'
-              attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key
+              attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key
               def initialize
                 self.issue_attributes = {}
                 opts = GetoptLong.new(
                   [ '--help',           '-h', GetoptLong::NO_ARGUMENT ],
                   [ '--version',        '-V', GetoptLong::NO_ARGUMENT ],
                   [ '--verbose',        '-v', GetoptLong::NO_ARGUMENT ],
                   [ '--url',            '-u', GetoptLong::REQUIRED_ARGUMENT ],
                   [ '--key',            '-k', GetoptLong::REQUIRED_ARGUMENT],
                   [ '--project',        '-p', GetoptLong::REQUIRED_ARGUMENT ],
                   [ '--status',         '-s', GetoptLong::REQUIRED_ARGUMENT ],
                   [ '--tracker',        '-t', GetoptLong::REQUIRED_ARGUMENT],
                   [ '--category',             GetoptLong::REQUIRED_ARGUMENT],
                   [ '--priority',             GetoptLong::REQUIRED_ARGUMENT],
                   [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT],
-                  [ '--unknown-user',         GetoptLong::REQUIRED_ARGUMENT]
+                  [ '--unknown-user',         GetoptLong::REQUIRED_ARGUMENT],
+                  [ '--no-permission-check',  GetoptLong::NO_ARGUMENT]
                 )
                 opts.each do |opt, arg|
                   case opt
                   when '--url'
                     self.url = arg.dup
                   when '--key'
                     self.key = arg.dup
                   when '--help'
                     usage
                   when '--verbose'
                     self.verbose = true
                   when '--version'
                     puts VERSION; exit
                   when '--project', '--status', '--tracker', '--category', '--priority'
                     self.issue_attributes[opt.gsub(%r{^\-\-}, '')] = arg.dup
                   when '--allow-override'
                     self.allow_override = arg.dup
                   when '--unknown-user'
                     self.unknown_user = arg.dup
+                  when '--no-permission-check'
+                    self.no_permission_check = '1'
                   end
                 end
                 RDoc.usage if url.nil?
               end
               def submit(email)
                 uri = url.gsub(%r{/*$}, '') + '/mail_handler'
                 data = { 'key' => key, 'email' => email,
                                        'allow_override' => allow_override,
-                                       'unknown_user' => unknown_user }
+                                       'unknown_user' => unknown_user,
+                                       'no_permission_check' => no_permission_check}
                 issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value }
                 debug "Posting to #{uri}..."
                 response = Net::HTTPS.post_form(URI.parse(uri), data)
                 debug "Response received: #{response.code}"
                 case response.code.to_i
                   when 403
                     warn "Request was denied by your Redmine server. " +
                          "Make sure that 'WS for incoming emails' is enabled in application settings and that you provided the correct API key."
                     return 77
                   when 422
                     warn "Request was denied by your Redmine server. " +
                          "Possible reasons: email is sent from an invalid email address or is missing some information."
                     return 77
                   when 400..499
                     warn "Request was denied by your Redmine server (#{response.code})."
                     return 77
                   when 500..599
                     warn "Failed to contact your Redmine server (#{response.code})."
                     return 75
                   when 201
                     debug "Proccessed successfully"
                     return 0
                   else
                     return 1
                 end
               end
               private
               def debug(msg)
                 puts msg if verbose
               end
             end
             handler = RedmineMailHandler.new
             exit(handler.submit(STDIN.read))

lib/tasks/email.rake +6 0

             # Redmine - project management software
             # Copyright (C) 2006-2008  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             namespace :redmine do
               namespace :email do
                 desc <<-END_DESC
             Read an email from standard input.
             General options:
               unknown_user=ACTION      how to handle emails from an unknown user
                                        ACTION can be one of the following values:
                                        ignore: email is ignored (default)
                                        accept: accept as anonymous user
                                        create: create a user account
+              no_permission_check=1    disable permission checking when receiving
+                                       the email
             Issue attributes control options:
               project=PROJECT          identifier of the target project
               status=STATUS            name of the target status
               tracker=TRACKER          name of the target tracker
               category=CATEGORY        name of the target category
               priority=PRIORITY        name of the target priority
               allow_override=ATTRS     allow email content to override attributes
                                        specified by previous options
                                        ATTRS is a comma separated list of attributes
             Examples:
               # No project specified. Emails MUST contain the 'Project' keyword:
               rake redmine:email:read RAILS_ENV="production" < raw_email
               # Fixed project and default tracker specified, but emails can override
               # both tracker and priority attributes:
               rake redmine:email:read RAILS_ENV="production" \\
                               project=foo \\
                               tracker=bug \\
                               allow_override=tracker,priority < raw_email
             END_DESC
                 task :read => :environment do
                   options = { :issue => {} }
                   %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
                   options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
                   options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
+                  options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
                   MailHandler.receive(STDIN.read, options)
                 end
                 desc <<-END_DESC
             Read emails from an IMAP server.
             General options:
               unknown_user=ACTION      how to handle emails from an unknown user
                                        ACTION can be one of the following values:
                                        ignore: email is ignored (default)
                                        accept: accept as anonymous user
                                        create: create a user account
+              no_permission_check=1    disable permission checking when receiving
+                                       the email
             Available IMAP options:
               host=HOST                IMAP server host (default: 127.0.0.1)
               port=PORT                IMAP server port (default: 143)
               ssl=SSL                  Use SSL? (default: false)
               username=USERNAME        IMAP account
               password=PASSWORD        IMAP password
               folder=FOLDER            IMAP folder to read (default: INBOX)
             Issue attributes control options:
               project=PROJECT          identifier of the target project
               status=STATUS            name of the target status
               tracker=TRACKER          name of the target tracker
               category=CATEGORY        name of the target category
               priority=PRIORITY        name of the target priority
               allow_override=ATTRS     allow email content to override attributes
                                        specified by previous options
                                        ATTRS is a comma separated list of attributes
             Processed emails control options:
               move_on_success=MAILBOX  move emails that were successfully received
                                        to MAILBOX instead of deleting them
               move_on_failure=MAILBOX  move emails that were ignored to MAILBOX
             Examples:
               # No project specified. Emails MUST contain the 'Project' keyword:
               rake redmine:email:receive_iamp RAILS_ENV="production" \\
                 host=imap.foo.bar username=redmine@example.net password=xxx
               # Fixed project and default tracker specified, but emails can override
               # both tracker and priority attributes:
               rake redmine:email:receive_iamp RAILS_ENV="production" \\
                 host=imap.foo.bar username=redmine@example.net password=xxx ssl=1 \\
                 project=foo \\
                 tracker=bug \\
                 allow_override=tracker,priority
             END_DESC
                 task :receive_imap => :environment do
                   imap_options = {:host => ENV['host'],
                                   :port => ENV['port'],
                                   :ssl => ENV['ssl'],
                                   :username => ENV['username'],
                                   :password => ENV['password'],
                                   :folder => ENV['folder'],
                                   :move_on_success => ENV['move_on_success'],
                                   :move_on_failure => ENV['move_on_failure']}
                   options = { :issue => {} }
                   %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
                   options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
                   options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
+                  options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
                   Redmine::IMAP.check(imap_options, options)
                 end
               end
             end

test/unit/mail_handler_test.rb +20 0

             # Redmine - project management software
             # Copyright (C) 2006-2009  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class MailHandlerTest < ActiveSupport::TestCase
               fixtures :users, :projects,
                                :enabled_modules,
                                :roles,
                                :members,
                                :member_roles,
                                :issues,
                                :issue_statuses,
                                :workflows,
                                :trackers,
                                :projects_trackers,
                                :enumerations,
                                :issue_categories,
                                :custom_fields,
                                :custom_fields_trackers,
                                :boards,
                                :messages
               FIXTURES_PATH = File.dirname(__FILE__) + '/../fixtures/mail_handler'
               def setup
                 ActionMailer::Base.deliveries.clear
               end
               def test_add_issue
                 ActionMailer::Base.deliveries.clear
                 # This email contains: 'Project: onlinestore'
                 issue = submit_email('ticket_on_given_project.eml')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal IssueStatus.find_by_name('Resolved'), issue.status
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
                 # keywords should be removed from the email body
                 assert !issue.description.match(/^Project:/i)
                 assert !issue.description.match(/^Status:/i)
                 # Email notification should be sent
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert mail.subject.include?('New ticket on a given project')
               end
               def test_add_issue_with_status
                 # This email contains: 'Project: onlinestore' and 'Status: Resolved'
                 issue = submit_email('ticket_on_given_project.eml')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal Project.find(2), issue.project
                 assert_equal IssueStatus.find_by_name("Resolved"), issue.status
               end
               def test_add_issue_with_attributes_override
                 issue = submit_email('ticket_with_attributes.eml', :allow_override => 'tracker,category,priority')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'Feature request', issue.tracker.to_s
                 assert_equal 'Stock management', issue.category.to_s
                 assert_equal 'Urgent', issue.priority.to_s
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
               end
               def test_add_issue_with_partial_attributes_override
                 issue = submit_email('ticket_with_attributes.eml', :issue => {:priority => 'High'}, :allow_override => ['tracker'])
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'Feature request', issue.tracker.to_s
                 assert_nil issue.category
                 assert_equal 'High', issue.priority.to_s
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
               end
               def test_add_issue_with_spaces_between_attribute_and_separator
                 issue = submit_email('ticket_with_spaces_between_attribute_and_separator.eml', :allow_override => 'tracker,category,priority')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'Feature request', issue.tracker.to_s
                 assert_equal 'Stock management', issue.category.to_s
                 assert_equal 'Urgent', issue.priority.to_s
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
               end
               def test_add_issue_with_attachment_to_specific_project
                 issue = submit_email('ticket_with_attachment.eml', :issue => {:project => 'onlinestore'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'Ticket created by email with attachment', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'This is  a new ticket with attachments', issue.description
                 # Attachment properties
                 assert_equal 1, issue.attachments.size
                 assert_equal 'Paella.jpg', issue.attachments.first.filename
                 assert_equal 'image/jpeg', issue.attachments.first.content_type
                 assert_equal 10790, issue.attachments.first.filesize
               end
               def test_add_issue_with_custom_fields
                 issue = submit_email('ticket_with_custom_fields.eml', :issue => {:project => 'onlinestore'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket with custom field values', issue.subject
                 assert_equal 'Value for a custom field', issue.custom_value_for(CustomField.find_by_name('Searchable field')).value
                 assert !issue.description.match(/^searchable field:/i)
               end
               def test_add_issue_with_cc
                 issue = submit_email('ticket_with_cc.eml', :issue => {:project => 'ecookbook'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert issue.watched_by?(User.find_by_mail('dlopper@somenet.foo'))
                 assert_equal 1, issue.watchers.size
               end
               def test_add_issue_by_unknown_user
                 assert_no_difference 'User.count' do
                   assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'ecookbook'})
                 end
               end
               def test_add_issue_by_anonymous_user
                 Role.anonymous.add_permission!(:add_issues)
                 assert_no_difference 'User.count' do
                   issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'ecookbook'}, :unknown_user => 'accept')
                   assert issue.is_a?(Issue)
                   assert issue.author.anonymous?
                 end
               end
+              def test_add_issue_by_anonymous_user_on_private_project
+                Role.anonymous.add_permission!(:add_issues)
+                assert_no_difference 'User.count' do
+                  assert_no_difference 'Issue.count' do
+                    assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept')
+                  end
+                end
+              end
+              def test_add_issue_by_anonymous_user_on_private_project_without_permission_check
+                assert_no_difference 'User.count' do
+                  assert_difference 'Issue.count' do
+                    issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept')
+                    assert issue.is_a?(Issue)
+                    assert issue.author.anonymous?
+                    assert !issue.project.is_public?
+                  end
+                end
+              end
               def test_add_issue_by_created_user
                 Setting.default_language = 'en'
                 assert_difference 'User.count' do
                   issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'ecookbook'}, :unknown_user => 'create')
                   assert issue.is_a?(Issue)
                   assert issue.author.active?
                   assert_equal 'john.doe@somenet.foo', issue.author.mail
                   assert_equal 'John', issue.author.firstname
                   assert_equal 'Doe', issue.author.lastname
                   # account information
                   email = ActionMailer::Base.deliveries.first
                   assert_not_nil email
                   assert email.subject.include?('account activation')
                   login = email.body.match(/\* Login: (.*)$/)[1]
                   password = email.body.match(/\* Password: (.*)$/)[1]
                   assert_equal issue.author, User.try_to_login(login, password)
                 end
               end
               def test_add_issue_without_from_header
                 Role.anonymous.add_permission!(:add_issues)
                 assert_equal false, submit_email('ticket_without_from_header.eml')
               end
               def test_should_ignore_emails_from_emission_address
                 Role.anonymous.add_permission!(:add_issues)
                 assert_no_difference 'User.count' do
                   assert_equal false, submit_email('ticket_from_emission_address.eml', :issue => {:project => 'ecookbook'}, :unknown_user => 'create')
                 end
               end
               def test_add_issue_should_send_email_notification
                 ActionMailer::Base.deliveries.clear
                 # This email contains: 'Project: onlinestore'
                 issue = submit_email('ticket_on_given_project.eml')
                 assert issue.is_a?(Issue)
                 assert_equal 1, ActionMailer::Base.deliveries.size
               end
               def test_add_issue_note
                 journal = submit_email('ticket_reply.eml')
                 assert journal.is_a?(Journal)
                 assert_equal User.find_by_login('jsmith'), journal.user
                 assert_equal Issue.find(2), journal.journalized
                 assert_match /This is reply/, journal.notes
               end
               def test_add_issue_note_with_status_change
                 # This email contains: 'Status: Resolved'
                 journal = submit_email('ticket_reply_with_status.eml')
                 assert journal.is_a?(Journal)
                 issue = Issue.find(journal.issue.id)
                 assert_equal User.find_by_login('jsmith'), journal.user
                 assert_equal Issue.find(2), journal.journalized
                 assert_match /This is reply/, journal.notes
                 assert_equal IssueStatus.find_by_name("Resolved"), issue.status
               end
               def test_add_issue_note_should_send_email_notification
                 ActionMailer::Base.deliveries.clear
                 journal = submit_email('ticket_reply.eml')
                 assert journal.is_a?(Journal)
                 assert_equal 1, ActionMailer::Base.deliveries.size
               end
               def test_reply_to_a_message
                 m = submit_email('message_reply.eml')
                 assert m.is_a?(Message)
                 assert !m.new_record?
                 m.reload
                 assert_equal 'Reply via email', m.subject
                 # The email replies to message #2 which is part of the thread of message #1
                 assert_equal Message.find(1), m.parent
               end
               def test_reply_to_a_message_by_subject
                 m = submit_email('message_reply_by_subject.eml')
                 assert m.is_a?(Message)
                 assert !m.new_record?
                 m.reload
                 assert_equal 'Reply to the first post', m.subject
                 assert_equal Message.find(1), m.parent
               end
               def test_should_strip_tags_of_html_only_emails
                 issue = submit_email('ticket_html_only.eml', :issue => {:project => 'ecookbook'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'HTML email', issue.subject
                 assert_equal 'This is a html-only email.', issue.description
               end
               private
               def submit_email(filename, options={})
                 raw = IO.read(File.join(FIXTURES_PATH, filename))
                 MailHandler.receive(raw, options)
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages